Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
JSecurity
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD

org.jsecurity.web.filter.authc
Class AuthenticationFilter

java.lang.Object
  extended by org.jsecurity.web.servlet.ServletContextSupport
      extended by org.jsecurity.web.servlet.OncePerRequestFilter
          extended by org.jsecurity.web.servlet.AdviceFilter
              extended by org.jsecurity.web.filter.PathMatchingFilter
                  extended by org.jsecurity.web.filter.AccessControlFilter
                      extended by org.jsecurity.web.filter.authc.AuthenticationFilter
All Implemented Interfaces:
Filter, Nameable, PathConfigProcessor
Direct Known Subclasses:
AuthenticatingFilter, PassThruAuthenticationFilter
public abstract class AuthenticationFilter
extends AccessControlFilter

Base class for all Filters that require the current user to be authenticated. This class encapsulates the logic of checking whether a user is already authenticated in the system. If the user is not authenticated, we use the template method pattern to delegate the processing of an unauthenticated request to sub classes.

Since:
0.9
Author:
Allan Ditzel, Jeremy Haile, Les Hazlewood

Field Summary
static String DEFAULT_SUCCESS_URL
           
 
Fields inherited from class org.jsecurity.web.filter.AccessControlFilter
DEFAULT_LOGIN_URL, GET_METHOD, POST_METHOD
 
Fields inherited from class org.jsecurity.web.filter.PathMatchingFilter
appliedPaths, pathMatcher
 
Fields inherited from class org.jsecurity.web.servlet.OncePerRequestFilter
ALREADY_FILTERED_SUFFIX, filterConfig
 
Constructor Summary
AuthenticationFilter()
           
 
Method Summary
protected  String getSuccessUrl()
           
protected  boolean isAccessAllowed(ServletRequest request, ServletResponse response, Object mappedValue)
          Determines whether the current subject is authenticated.
protected  void issueSuccessRedirect(ServletRequest request, ServletResponse response)
           
 void setSuccessUrl(String successUrl)
          Sets the success URL that is the default location a user is sent to after logging in when issueSuccessRedirect(javax.servlet.ServletRequest, javax.servlet.ServletResponse) is called by subclasses of this filter.
 
Methods inherited from class org.jsecurity.web.filter.AccessControlFilter
getLoginUrl, getSubject, isLoginRequest, onAccessDenied, onPreHandle, redirectToLogin, saveRequest, saveRequestAndRedirectToLogin, setLoginUrl
 
Methods inherited from class org.jsecurity.web.filter.PathMatchingFilter
getPathWithinApplication, pathsMatch, pathsMatch, preHandle, processPathConfig
 
Methods inherited from class org.jsecurity.web.servlet.AdviceFilter
afterCompletion, cleanup, doFilterInternal, executeChain, postHandle
 
Methods inherited from class org.jsecurity.web.servlet.OncePerRequestFilter
destroy, doFilter, getAlreadyFilteredAttributeName, getFilterConfig, getName, init, onFilterConfigSet, setFilterConfig, setName, shouldNotFilter
 
Methods inherited from class org.jsecurity.web.servlet.ServletContextSupport
bind, getAttribute, getContextInitParam, getServletContext, removeAttribute, setAttribute, setServletContext
 
Methods inherited from class java.lang.Object
clone, equals, finalize, getClass, hashCode, notify, notifyAll, toString, wait, wait, wait
 

Field Detail

DEFAULT_SUCCESS_URL

public static final String DEFAULT_SUCCESS_URL
See Also:
Constant Field Values
Constructor Detail

AuthenticationFilter

public AuthenticationFilter()
Method Detail

getSuccessUrl

protected String getSuccessUrl()

setSuccessUrl

public void setSuccessUrl(String successUrl)
Sets the success URL that is the default location a user is sent to after logging in when issueSuccessRedirect(javax.servlet.ServletRequest, javax.servlet.ServletResponse) is called by subclasses of this filter.

Parameters:
successUrl - the success URL to redirect the user to after a successful login.

isAccessAllowed

protected boolean isAccessAllowed(ServletRequest request,
                                  ServletResponse response,
                                  Object mappedValue)
Determines whether the current subject is authenticated.

The default implementation acquires the currently executing Subject and then returns subject.isAuthenticated();

Specified by:
isAccessAllowed in class AccessControlFilter
Parameters:
request - the incoming ServletRequest
response - the outgoing ServletResponse
mappedValue - the filter-specific config value mapped to this filter in the URL rules mappings.
Returns:
true if the subject is authenticated; false if the subject is unauthenticated

issueSuccessRedirect

protected void issueSuccessRedirect(ServletRequest request,
                                    ServletResponse response)
                             throws Exception
Throws:
Exception
Overview  Package   Class  Use  Tree  Deprecated  Index  Help 
JSecurity
 PREV CLASS   NEXT CLASS FRAMES    NO FRAMES    
SUMMARY: NESTED | FIELD | CONSTR | METHOD DETAIL: FIELD | CONSTR | METHOD
Copyright © 2004-2008 JSecurity.